-
AccEar: Accelerometer Acoustic Eavesdrop** with Unconstrained Vocabulary
Authors:
Pengfei Hu,
Hui Zhuang,
Panneer Selvam Santhalingamy,
Riccardo Spolaor,
Parth Pathaky,
Guoming Zhang,
Xiuzhen Cheng
Abstract:
With the increasing popularity of voice-based applications, acoustic eavesdrop** has become a serious threat to users' privacy. While on smartphones the access to microphones needs an explicit user permission, acoustic eavesdrop** attacks can rely on motion sensors (such as accelerometer and gyroscope), which access is unrestricted. However, previous instances of such attacks can only recogniz…
▽ More
With the increasing popularity of voice-based applications, acoustic eavesdrop** has become a serious threat to users' privacy. While on smartphones the access to microphones needs an explicit user permission, acoustic eavesdrop** attacks can rely on motion sensors (such as accelerometer and gyroscope), which access is unrestricted. However, previous instances of such attacks can only recognize a limited set of pre-trained words or phrases. In this paper, we present AccEar, an accelerometerbased acoustic eavesdrop** attack that can reconstruct any audio played on the smartphone's loudspeaker with unconstrained vocabulary. We show that an attacker can employ a conditional Generative Adversarial Network (cGAN) to reconstruct highfidelity audio from low-frequency accelerometer signals. The presented cGAN model learns to recreate high-frequency components of the user's voice from low-frequency accelerometer signals through spectrogram enhancement. We assess the feasibility and effectiveness of AccEar attack in a thorough set of experiments using audio from 16 public personalities. As shown by the results in both objective and subjective evaluations, AccEar successfully reconstructs user speeches from accelerometer signals in different scenarios including varying sampling rate, audio volume, device model, etc.
△ Less
Submitted 2 December, 2022;
originally announced December 2022.
-
BLEWhisperer: Exploiting BLE Advertisements for Data Exfiltration
Authors:
Ankit Gangwal,
Shubham Singh,
Riccardo Spolaor,
Abhijeet Srivastava
Abstract:
Bluetooth technology has enabled short-range wireless communication for billions of devices. Bluetooth Low-Energy (BLE) variant aims at improving power consumption on battery-constrained devices. BLE-enabled devices broadcast information (e.g., as beacons) to nearby devices via advertisements. Unfortunately, such functionality can become a double-edged sword at the hands of attackers. In this pape…
▽ More
Bluetooth technology has enabled short-range wireless communication for billions of devices. Bluetooth Low-Energy (BLE) variant aims at improving power consumption on battery-constrained devices. BLE-enabled devices broadcast information (e.g., as beacons) to nearby devices via advertisements. Unfortunately, such functionality can become a double-edged sword at the hands of attackers. In this paper, we primarily show how an attacker can exploit BLE advertisements to exfiltrate information from BLE-enable devices. In particular, our attack establishes a communication medium between two devices without requiring any prior authentication or pairing. We develop a proof-of-concept attack framework on the Android ecosystem and assess its performance via a thorough set of experiments. Our results indicate that such an exfiltration attack is indeed possible though with a limited data rate. Nevertheless, we also demonstrate potential use cases and enhancements to our attack that can further its severeness. Finally, we discuss possible countermeasures to prevent such an attack.
△ Less
Submitted 23 July, 2022; v1 submitted 17 April, 2022;
originally announced April 2022.
-
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
Authors:
Mauro Conti,
QianQian Li,
Alberto Maragno,
Riccardo Spolaor
Abstract:
In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpo…
▽ More
In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shop**). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.
△ Less
Submitted 18 June, 2018; v1 submitted 12 August, 2017;
originally announced August 2017.
-
Robust Smartphone App Identification Via Encrypted Network Traffic Analysis
Authors:
Vincent F. Taylor,
Riccardo Spolaor,
Mauro conti,
Ivan Martinovic
Abstract:
The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the…
▽ More
The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, side-channel data such as packet size and direction is still leaked from encrypted connections. We use machine learning techniques to identify smartphone apps from this side-channel data. In addition to merely fingerprinting and identifying smartphone apps, we investigate how app fingerprints change over time, across devices and across different versions of apps. Additionally, we introduce strategies that enable our app classification system to identify and mitigate the effect of ambiguous traffic, i.e., traffic in common among apps such as advertisement traffic. We fully implemented a framework to fingerprint apps and ran a thorough set of experiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were able to identify them six months later with up to 96% accuracy. Additionally, we show that app fingerprints persist to varying extents across devices and app versions.
△ Less
Submitted 20 April, 2017;
originally announced April 2017.
-
DELTA: Data Extraction and Logging Tool for Android
Authors:
Mauro Conti,
Elia Dal Santo,
Riccardo Spolaor
Abstract:
In the past few years, the use of smartphones has increased exponentially, and so have the capabilities of such devices. Together with an increase in raw processing power, modern smartphones are equipped with a wide variety of sensors and expose an extensive set of API (Accessible Programming Interface). These capabilities allow us to extract a wide spectrum of data that ranges from information ab…
▽ More
In the past few years, the use of smartphones has increased exponentially, and so have the capabilities of such devices. Together with an increase in raw processing power, modern smartphones are equipped with a wide variety of sensors and expose an extensive set of API (Accessible Programming Interface). These capabilities allow us to extract a wide spectrum of data that ranges from information about the environment (e.g., position, orientation) to user habits (e.g., which apps she uses and when), as well as about the status of the operating system itself (e.g., memory, network adapters). This data can be extremely valuable in many research fields such as user authentication, intrusion detection and detection of information leaks. For these reasons, researchers need to use a solid and reliable logging tool to collect data from mobile devices.
In this paper, we first survey the existing logging tools available on the Android platform, comparing the features offered by different tools and their impact on the system, and highlighting some of their shortcomings. Then, we present DELTA - Data Extraction and Logging Tool for Android, which improves the existing Android logging solutions in terms of flexibility, fine-grained tuning capabilities, extensibility, and available set of logging features. We performed a full implementation of DELTA and we run a thorough evaluation on its performance. The results show that our tool has low impact on the performance of the system, on battery consumption, and on user experience. Finally, we make the DELTA source code and toolset available to the research community.
△ Less
Submitted 9 September, 2016;
originally announced September 2016.
-
No Free Charge Theorem: a Covert Channel via USB Charging Cable on Mobile Devices
Authors:
Riccardo Spolaor,
Laila Abudahi,
Veelasha Moonsamy,
Mauro Conti,
Radha Poovendran
Abstract:
More and more people are regularly using mobile and battery-powered handsets, such as smartphones and tablets. At the same time, thanks to the technological innovation and to the high user demands, those devices are integrating extensive functionalities and developers are writing battery-draining apps, which results in a surge of energy consumption of these devices. This scenario leads many people…
▽ More
More and more people are regularly using mobile and battery-powered handsets, such as smartphones and tablets. At the same time, thanks to the technological innovation and to the high user demands, those devices are integrating extensive functionalities and developers are writing battery-draining apps, which results in a surge of energy consumption of these devices. This scenario leads many people to often look for opportunities to charge their devices at public charging stations: the presence of such stations is already prominent around public areas such as hotels, shop** malls, airports, gyms and museums, and is expected to significantly grow in the future. While most of the time the power comes for free, there is no guarantee that the charging station is not maliciously controlled by an adversary, with the intention to exfiltrate data from the devices that are connected to it.
In this paper, we illustrate for the first time how an adversary could leverage a maliciously controlled charging station to exfiltrate data from the smartphone via a USB charging cable (i.e., without using the data transfer functionality), controlling a simple app running on the device, and without requiring any permission to be granted by the user to send data out of the device. We show the feasibility of the proposed attack through a prototype implementation in Android, which is able to send out potentially sensitive information, such as IMEI, contacts' phone number, and pictures.
△ Less
Submitted 9 September, 2016;
originally announced September 2016.
-
CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery
Authors:
Mauro Conti,
Claudio Guarisco,
Riccardo Spolaor
Abstract:
Over the last years, most websites on which users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure against automated attacks. The battle of wits between designers and attackers of CAPTCHAs led to current ones being annoying and hard to solve for users, while still being vulnera…
▽ More
Over the last years, most websites on which users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure against automated attacks. The battle of wits between designers and attackers of CAPTCHAs led to current ones being annoying and hard to solve for users, while still being vulnerable to automated attacks.
In this paper, we propose CAPTCHaStar, a new image-based CAPTCHA that relies on user interaction. This novel CAPTCHA leverages the innate human ability to recognize shapes in a confused environment. We assess the effectiveness of our proposal for the two key aspects for CAPTCHAs, i.e., usability, and resiliency to automated attacks. In particular, we evaluated the usability, carrying out a thorough user study, and we tested the resiliency of our proposal against several types of automated attacks: traditional ones; designed ad-hoc for our proposal; and based on machine learning. Compared to the state of the art, our proposal is more user friendly (e.g., only some 35% of the users prefer current solutions, such as text-based CAPTCHAs) and more resilient to automated attacks.
△ Less
Submitted 17 December, 2015; v1 submitted 2 March, 2015;
originally announced March 2015.
-
Can't you hear me knocking: Identification of user actions on Android apps via traffic analysis
Authors:
Mauro Conti,
Luigi V. Mancini,
Riccardo Spolaor,
Nino V. Verde
Abstract:
While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device (e.g., via a malicious app), but also to what a passive adversary (without the above capabilities) can observe from the device communications.…
▽ More
While smartphone usage become more and more pervasive, people start also asking to which extent such devices can be maliciously exploited as "tracking devices". The concern is not only related to an adversary taking physical or remote control of the device (e.g., via a malicious app), but also to what a passive adversary (without the above capabilities) can observe from the device communications. Work in this latter direction aimed, for example, at inferring the apps a user has installed on his device, or identifying the presence of a specific user within a network.
In this paper, we move a step forward: we investigate to which extent it is feasible to identify the specific actions that a user is doing on his mobile device, by simply eavesdrop** the device's network traffic. In particular, we aim at identifying actions like browsing someone's profile on a social network, posting a message on a friend's wall, or sending an email. We design a system that achieves this goal starting from encrypted TCP/IP packets: it works through identification of network flows and application of machine learning techniques. We did a complete implementation of this system and run a thorough set of experiments, which show that it can achieve accuracy and precision higher than 95%, for most of the considered actions.
△ Less
Submitted 29 July, 2014;
originally announced July 2014.
